Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/01/2024, 06:57

General

  • Target

    5a93e050b67ee00cea83740757a9c206.exe

  • Size

    72KB

  • MD5

    5a93e050b67ee00cea83740757a9c206

  • SHA1

    947fbfc74bbd9171a91cbf15b86538a6e2dc3929

  • SHA256

    c9a33228507c5a166ea21fe7e2c6733919a91a91ee6422936b77a1b546c73195

  • SHA512

    41bce9ae71fcadbd9cc605f094493c0033195c6b4ab5194f9cc711fd3af20f22525d3f3d52d83fb557fd75de6e131cc2708f09df87c581af0f6e809b7ad76307

  • SSDEEP

    768:wnuWtZiIr8SBPJm/Ktp+Z/QqmDU4kklnB+ZODifXDtnB:wnuWtZDrZBPgF/Q7tk15ztnB

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a93e050b67ee00cea83740757a9c206.exe
    "C:\Users\Admin\AppData\Local\Temp\5a93e050b67ee00cea83740757a9c206.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 320
      2⤵
      • Program crash
      PID:2476

Network

MITRE ATT&CK Enterprise v15
